That .gov outage this morning? Blame an error in domain name security

Corrupted data made Internet think .gov DNS was not really .gov.

This morning, citizens trying to reach US government websites got a bit of a surprise—the entirety of the .gov top level domain appeared to be offline. The reason: a hiccup in the Domain Name Service Security Extension (DNSSEC) information being distributed by .gov's registry.

According to a source at the General Services Administration, which operates the .gov registry, the registry team discovered that the DNSSEC information being distributed by its root domain name server had somehow become corrupted. The corruption affected the root domain's digital signature, making it appear not to be the authoritative server for the government's Internet names. As DNS data aged and expired, government sites disappeared from the Internet's directory and became unreachable by their host names (though the servers remained up).

The team reset the DNS server to correct the error. By around 10:20am Eastern Time today, government sites magically reappeared on the Internet. Resolution of the sites within the government's own networks was never interrupted.

Could this be a cover for some NSA-sponsored activity, something to more fully track or otherwise extract info from visitors to the guv?

I assume the .gov sites already do some amount of info-gathering and tracking of visitors, but with the horsepower of NSA behind it, I could have nightmares about an "extraordinary rendition" of your hitherto private data.

Could this be a cover for some NSA-sponsored activity, something to more fully track or otherwise extract info from visitors to the guv?

I assume the .gov sites already do some amount of info-gathering and tracking of visitors, but with the horsepower of NSA behind it, I could have nightmares about an "extraordinary rendition" of your hitherto private data.

Tracking is not just the realm of the government when it comes to website visitors....

Every decent website out there runs some kind of analytics to log visitor traffic to help them tailor content to the audience. This generally includes source IP, geographic region, Browser and O/S type, and page visits and viewing times. I get what you are trying to say, but website analytics is not spying, its just how it works.

On the morning of August 14, a relatively small number of networksmay have experienced an operational disruption related to the signingof the .gov zone. In preparation for a previously announced algorithmrollover, a software defect resulted in publishing the .gov zonesigned only with DNSSEC algorithm 8 keys rather than with bothalgorithm 7 and 8. As a result .gov name resolution may have failedfor validating recursive name servers. Upon discovery of the issue,Verisign took prompt action to restore the valid zone.

Verisign plans to proceed with the previously announced .gov algorithmrollover at the end of the month with the zone being signed withboth algorithms for a period of approximately 10 days.